1. Install linux on your system. Kali Linux is recommended.
2. Learn basic linux commands.
3. Learn the basics of some programming languages (HTML/CSS, JS, PHP, SQL, Python) For basics and in-short tutorials of programming languages, watch Derek's videos on YouTube

Frequently Used Linux commands:

cat, ls, vim, ping, file, find, du, pwd, env, chmod, wget, cron, telnet, gzip, bzip2, tar, base64, grep, nc, curl, strings, whatweb etc.

For Windows 10/11

• Official Microsoft Guide

If wsl --install doesn't work then refer the manual steps

• Microsoft Guide Manual

Reference Video:

• This video by NetworkChuck guides you through the manual steps Install WSL in 5 minutes
• For installation of GUI (Graphical User Interface), kex, refer to the following video Graphical Install for WSL

For those of you on Windows AMD, WSL has some stability issues. So, we recommend using Virtual Machines

• Kali Linux in Virtual Box
• Linux on VMWARE

For mac users, you already have a terminal. For some tools you might need Kali Linux (not any time soon).

• Virtual Box method
• Macbook M1

• HTTP methods (mainly GET and POST methods)
• IP (Internet Protocol)
• DNS (Domain Name System)
• SSH (Secure Shell)
• Telnet (Teletype Network)
• Ports

• Hacker101 - The Web In Depth
• IP Addresses and the Internet - Computerphile

• Learn Python, as many tools/scripts are coded in it.
• Learn to use Github.
• Learn about OWASP (Open Web Application Security Project) community and it's list of top 10 vulnerabilities.
• Learn basics of command line editors vim and GNU nano.

• Solve basic CTF problems from Bandit and Natas on OverTheWire.
• After completing Bandit and Natas, move on to Hack this site(contains challenges covering the basics and JS)
• Start participating in live CTFs on CTFtime. This will boost your problem solving skills.
• Try solving CTF challenges from picoCTF and CTFlearn.
• Solve previous Challenges of CTF and read Writeups.

Note: CTFtime is the platform where you can get every CTF-related information.

• Learn creating ssh public key and connecting to ssh server: pico2017 keyz
• Master some of the most important tools of Kali:
  • Burpsuite
  • Wireshark
  • Nmap
  • Metasploit
  • Webscarab
• Learn using some browser extensions helpful in solving CTF problems:
  • Hackbar
  • Cookie-editor
  • Open referer control
• Learn about various vulnerabilities: XSS, HTMLi, SQLi, Parameter Tampering, Host Header Injection, URL Redirection, LFI, RFI, SSTI, CCRF, SSRF, Subdomain Takeover, CMDi, XMLI etc.

• Web Security
• Network Security
• Forensics
• Application Security
• Steganography
• Cryptography
• Mobile Security

Quick guide for introduction: https://www.tutorialspoint.com/penetration_testing/penetration_testing_quick_guide.htm

• TryHackMe
• HackTheBox
• VulnHub

• nmap
• rustscan
• feroxbuster
• hydra
• Reverse Shells
• GTFOBins

• Web Application Hackers' Handbook
• Web Hacking 101

• XSS
• SQLi

• http://testphp.vulnweb.com/
• http://hackthis.co.uk (SQLi)

• learn with practicals: CryptoHack
• For advanced crypto go to coursera

• (https://regexone.com/)
• (https://regexr.com/)

• (https://devhints.io/bash)
• (https://www.shellscript.sh/)

• (https://www.cybrary.it/)
• (https://www.hacker101.com/)
• (http://virustotal.com): Site used for finding all subdomains of a site, checking virus, and many more.

• Hacking: The Art of Exploitation
• The Shellcoders Handbook

• Computerphile
• David Bombal
• JohnHammond
• DEFCONConference
• NahamSec
• IppSec
• BlackPerl
• LiveOverflow

• Bugcrowd
• Hackerone

• Crypto: dCode, CyberChef, cryptii
• Steganography: zteg, stegsolve, binwalk, hex-editor, Aperi'Solve, StegOnline
• Reversing: gdb, ghidra, edb-debug, dogbolt
• Password cracking: john the ripper, Crackstation, hashcat, crunch, medusa
• SQLi: sqlmap
• Forensics: Volatility, Sleuthkit

HTTP, HTTPS, FTP, DNS, SMTP, ports, MAC Address, IPv4, IPv6, Public v Private IP, OSI model, Routers and switches.

• Linux Fundementals
• Google Dorking
• Steganography
• Windows Password Bypass
• File Deletion and File System
• VLC
• CTF